Solution to impersonating trolls
Posted by Gollan on January 06, 2003 at 16:01:20: Previous Next
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It isn't perfect but you can digitially sign your messages. Anyone
who wants can verify your signature:
(1) From the PGP website and download and install the FREEWARE
version of PGP 8.0.
(2) Generate a key pair that has your usual hyperboard name and email
address. Register it with the PGP keyserver using the PGP Key
software.
(*) When you write a message on the hyperboard and are done, select
"Current Window | Sign" from the PGPTray.
To verify a signature, put the cursor at the start of the signature
block and select "Current Window | Decrypt and Verify". If it is a
valid signature it will show you the user's name and email address.
It should match what they claim on the message.
Henceforth, all my posts to this board will be PGP signed.
- -Gollan
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com
iQA/AwUBPhn8pKle7nXNZSR0EQJaFACgtsQVJymqGklnY/C53f/YeBCNUyUAn0MT
1mgGmhiXQ//MTruMJPhzlN1o
=vYQU
-----END PGP SIGNATURE-----
Correction to verify the signature.
Posted by Gollan on January 06, 2003 at 16:05:35: Previous Next
In Reply to: Solution to impersonating trolls posted by Gollan on January 06, 2003 at 16:01:20:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Actually you just have to have the message displayed to verify a
signature. Ignore "put the cursor...". Just display the PGP signed
message and select "Current Window | Decrypt and Verify" from the PGP
Tray.
Feel free to email me if you have any questions or need help.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com
iQA/AwUBPhn9nale7nXNZSR0EQLtbwCgoLM+NL3g7mPv8iKGU5s4j7KzFooAoNsC
53HWVD0DB6KBYA61NfUZnq+y
=gRkw
-----END PGP SIGNATURE-----
Re: Solution to impersonating trolls
Posted by Nick on January 06, 2003 at 23:02:26: Previous Next
In Reply to: Solution to impersonating trolls posted by Gollan on January 06, 2003 at 16:01:20:
: It isn't perfect but you can digitially sign your messages. Anyone
: who wants can verify your signature:
: (1) From the PGP website and download and install the FREEWARE
: version of PGP 8.0.
I would suggest not bothering. As I found
the hard way determined people can impersonate
you even to the extent of breaking into your accout.
Hackers and/or trolls are very advanced......unfortunately there
are times when there is no way to stop them.
It's frightening to learn just how powerless the
user is when you are a victim in cyberland.
Re: Solution to impersonating trolls
Posted by Dan on January 07, 2003 at 13:46:25: Previous Next
In Reply to: Re: Solution to impersonating trolls posted by Nick on January 06, 2003 at 23:02:26:
Indeed Troll are Trolls...can't stop them all. Just deal with it or if you can't beat'em, join'em!
Skiddly be diddly hump!
Re: Solution?
Posted by Hair Religion on January 07, 2003 at 13:33:41: Previous Next
In Reply to: Solution to impersonating trolls posted by Gollan on January 06, 2003 at 16:01:20:
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com
iQA/AwUBPhn8pKle7nXNZSR0EQJaFACgtsQVJymqGklnY/C53f/YeBCNUyUAn0MT
1mgGmhiXQ//MTruMJPhzlN1o
=vYQU
-----END PGP SIGNATURE-----
So this tells us what?
Can't I just copy this or make up my own?
Is anyone here going to do something to verify these tags and how would they do this?
--Rev. Erik
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com
bQA/AwUBPhn8pKle7nXNZSR0EQJaFACgtsQVJymqGkhnY/C53f/YeBCNPyUAn0MT
1mgGmhiXQ//MTruMJPhzlN1y
=cYQA
-----END PGP SIGNATURE-----
Re: Solution?
Posted by Gollan on January 07, 2003 at 15:18:14: Previous Next
In Reply to: Re: Solution? posted by Hair Religion on January 07, 2003 at 13:33:41:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> So this tells us what? Can't I just copy this or make up my own?
If you run the PGP software Decrypt & Verify it will tell you two
things:
(1) If the signature is valid. Pasting some signature into a message
is detected by the PGP software it will show as a "bad signature"
error.
(2) If the signature is valid, the associated email address of the
person who signed it. A troll could add a valid signature but it
would have a different email address and user name.
Verify need not be used for every message, just ones that seem a
little off. It is not perfect, but it will make it easier for regular
posters defend against trolls. Any message not signed and verified to
be from gollan@ntelos.net is NOT from me.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com
iQA/AwUBPhtEIKle7nXNZSR0EQLD4ACeIqSr4QjuWmkq22rIl7hYwVKihZoAoP6A
N21vOOpvVnuWXuOoH9J5WlZG
=1nVU
-----END PGP SIGNATURE-----
Re: added step?
Posted by Hair Religion on January 10, 2003 at 22:20:29: Previous Next
In Reply to: Re: Solution? posted by Gollan on January 07, 2003 at 15:18:14:
But since you are already using it for your posts then I assume that it's not the board administrator who has to include it into the site and require everyone to use it.
This would mean that fake messages would still be posted on the board and an after-the-fact analysis would have to be done...which is what we are already doing by realizing that the person wouldn't have said what was posted or by the imitated person themself saying that they didn't post it. Your program would just be a confirmation that it is fake in addition to the two other methods I just described.
Did I get this right?
I'm just trying to figure out what this program would actually do to improve the board since posts can be done whether or not you use the program.
Just individual security.
Posted by Gollan on January 11, 2003 at 16:47:18: Previous Next
In Reply to: Re: added step? posted by Hair Religion on January 10, 2003 at 22:20:29:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It's not perfect. If someone always uses a signature then a troll
will not be able to impersonate them without being revealed. The
signature will not be valid or it will not be registered to the
correct person. Only useful after the fact as a defense ("it was not
a post from me because it is not signed by me"). Once a user gets a
reputation on this board I would hope that their word would be
enough.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com
iQA/AwUBPiCe/qle7nXNZSR0EQKI/QCfZuy+Iiii9E7yjcxcK+KXY7I39qwAn0D0
gl6BwrCqpB9h9ub5oAQHfq4x
=K2Ws
-----END PGP SIGNATURE-----
Re: Just individual security.
Posted by seraphim on January 17, 2003 at 11:48:27: Previous Next
In Reply to: Just individual security. posted by Gollan on January 11, 2003 at 16:47:18:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
: It's not perfect. If someone always uses a signature then a troll
: will not be able to impersonate them without being revealed.
I had held off on this because I didn't really see the need. Now that
I've been spoofed repeatedly, I've decided to use it.
~S
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com
iQA/AwUBPiez+JRTihjv8QkBEQKmBACfeQ0I2IRmzEq7F8pJmiC/sKwyu0QAnR78
MWJTTk3c7QNnHUXVtzxi4CFZ
=T+Z7
-----END PGP SIGNATURE-----
Re: Solution to impersonating trolls
Posted by Webmaster on January 16, 2003 at 00:31:03: Previous Next
In Reply to: Solution to impersonating trolls posted by Gollan on January 06, 2003 at 16:01:20:
I personally dislike these signatures. They clutter the display, and probably very few people use them. Not only that, it's not that hard to put up a reasonable front if you put your mind to it.
Note: I am not asking you to stop using the signatures. You may if you like. I just don't like them.